The issue of online privacy – the degree to which publishers are allowed to capture and use information derived from consumer online behavior – has been an undercurrent of concern since the very early days of the Internet. What is the right balance that allows the web to be used for marketing and commerce … but that also allows for an acceptable degree of consumer privacy?

The privacy issue has gathered steam in recent years. Today, proposed legislation affecting EU countries would dictate that web cookies (snippets of computer code) cannot be placed on a user’s computer unless it is strictly necessary for the purposes of enabling the use of a service explicitly requested by the user.

If such legislation is enacted, the implications for web publishers would be far-reaching. After all, cookies are currently used for many purposes, including web analytics, session management, content management, personalization, managing preferences, and calculating advertising revenues.

Cookies are the means by which all of these functions give the web its commercial foundation and functionality. Without them, the web would be little more than another broadcast medium for viewing non-customized information on a computer screen instead of on paper or on a TV screen.

And now those same privacy discussions are beginning to happen among U.S. lawmakers. Legislation is being crafted in Congress that may restrict the use of cookies along with other forms of “personally identifiable” information.

Is this a good development, or not?

It’s certainly true that some unscrupulous web sites and publishers have used cookies as a means to engage in nefarious behavior. But in an attempt to eliminate those exceptions, is it wise for legislation to wipe away all of the very real benefits web users derive from services that utilize cookies as the means to deliver them?

It’s pretty clear that one of the obvious impacts privacy legislation would have is on publishers who earn revenues from advertising. The inability to utilize cookies when serving online ads would affect the way the ads perform. Without cookies, ad servers are unable to perform the most basic functions such as fraud analysis and frequency capping (limiting the number of ads shown to a viewer).

In addition, publishers would lose the ability to measure “conversion” rates – tracking specific actions tied to ad revenue calculation such as downloading a white paper or to make a purchase – that is the foundation for many ad compensation packages. Or to serve a specific ad to someone who has expressed prior interest in a topic or product.

The data that these and other cookie-enabled actions provide is the basis of most online advertising programs. Without cookies, advertisers would have to purchase far more impressions served to swaths of people who may or may not be interested. Web analytics would also become more challenging; third-party services such as Web Trends and Google Analytics tap into cookies as a way to provide information and answers.

The claim that without legislation, people don’t have ways to limit the proliferation of cookies on their computers is just not accurate. Not only do many publishers provide ways for consumers to opt out of targeting techniques, surveys show that a significant proportion of Internet users — perhaps one third — routinely delete cookies from their computers. And ~10% have them permanently blocked.

It’s good for lawmakers to be looking at the privacy implications of the Internet. After all, the web continues to evolve at a quick pace, with new functionalities coming to the fore every day that may have implications on consumer privacy. But at the same time, it’s important to really think through the full ramifications of laws that, while well intentioned, would have negative consequences on everyone if enacted.

One thought on “Internet privacy legislation: What are the implications?”

The issue of cookies shows that people, once informed, are quite cautious about leaving their information behind. Just imagine all of the information gmail has with unencrypted emails stored on its servers.

If everyone understood the risks they take leaving messages on servers, you can bet they’d use tools like TrulyMail and PGP to encrypt their messages.

Sadly, most people do not fully understand how exposed they are. Remember those people in China who had their gmail accounts hacked? I bet they’ll not leave unencrypted email on anyone’s server again.